The Black Chamber

The Marine Corps Times reports that Edward Snowden has declared his mission "already accomplished" in a public interview. "Snowden told The Washington Post in an interview published online Monday night that he was satisfied because journalists have been able to tell the story of the government’s collection of bulk Internet and phone records, an activity that has grown dramatically in the decade since the Sept. 11, 2001, terrorist attacks."

But Snowden is prematurely congratulating himself. He didn't finish the NSA. However, Cass Sunstein undoubtedly will. In August 2013, President Obama appointed Sunstein to serve on the NSA oversight panel.

In it, Sunstein recommends that a sharp or sharper line be drawn between national security intelligence gathering and personal information. In order to achieve this he recommends a process that will intermediate and pick and choose between proposed programs based on a political cost-benefit analysis.

Sunstein also recommends that the NSA tell the public (and by implication American foes) what it does in the form of a report. Programmers might call such a grant "describe" permissions over NSA intelligence programs, which he calls "transparency".

[I use "describe permissions" to cover the kind of metadata which allow readers to browse what a program is about, but not the actual data it contains.]

Sunstein says:

legislation should be enacted requiring information about surveillance programs to be made available to the Congress and to the American people to the greatest extent possible (subject only to the need to protect classified information). We also recommend that legislation should be enacted authorizing telephone, Internet, and other providers to disclose publicly general information about orders they receive directing them to provide information to the government. Such information might disclose the number of orders that providers have received, the broad categories of

information produced, and the number of users whose information has been produced. In the same vein, we recommend that the government should publicly disclose, on a regular basis, general data about the orders it has issued in programs whose existence is unclassified.

Will this help? We'll examine the question in a moment.

Sunstein advocates moving all the curent metadata back to the telephone provider and require them to keep it and thereafter prohibit government from ever storing such data in bulk. "Consistent with this recommendation, we endorse a broad principle for the future: as a general rule and without senior policy review, the government should not be permitted to collect and store mass, undigested, non-public personal information about US persons for the purpose of enabling future queries and data-mining for foreign intelligence purposes."

These recommendations may have a superficial attractiveness, but in reality they make things worse.

It marks a return to the days of AT& T. What does it matter where the data is stored if it is in principle accessible anyway? This is solving the nonproblem part of the problem. The Federal Government was equally happy in the heyday of AT&T, which stored all the data in one place where the Feds could get at it anyway.

Today instead of a monopoly, there are hundreds of telecomms companies. The NSA has to store it themselves for ready access. Ordering their return would could not be be effected without mandated database standards, software version control, coordinated patches, defined interfaces, and security regs. The private companies would in effect be deputized to store data for the NSA in order to achieve the useless task of making the physical location of the data more politically correct. Making companies store the data would really be to control them.

The New York Times noted that China has been buying up all the bankrupt US undersea cable communications companies. Will they abide by Sunstein's recommendations? In the end, information provision and storage will reroute around the US for no gain at all.

But it would still not change the essential arrangement: the Black Chamber in the room above the Post Office. This was and is the architecture of communications intelligence, both in the US and in foreign countries

A black room is part of a telecommunications center (e.g. a post office) used by state officials to conduct clandestine interception and surveillance of communications. Typically all letters or communications would pass through the black room before being passed to the recipient. This practice had been in vogue since the establishment of posts, and was frequently used in France by the ministers of Louis XIII and his followers as cabinet noir (French for "black room").

His proposed addition of more layers of oversight evades the basic problem of why current oversight doesn't work. It is not that supervisory bodies do not now exist, but they have been remiss and shirked their duties. The controversial NSA programs were all known to the classified overseers and were even visible to Snowden, who we are told had no special access, but that did not keep them from going forward. The question is why.

The failure of oversight lies rather in the bureaucratic incentives in Washington. In particular it may suffer from the ambiguous mission of the FBI, which is not only an a de facto domestic intelligence agency, it is also a law enforcement organization. Intelligence gathering is by nature concerned with what the Minority Report called "pre-crime". By contrast, law enforcement is by American tradition a post-facto affair.

You have the right to do the crime if you are willing to do the time. But until you actually do the crime you are still blameless. However this distinction vanishes when intelligence and criminal prosecution are vested in the same agency. When you come right down to it, the most important danger to losing privacy is the danger you will go to jail for something you don't even know is a crime.

Sunstein's recommendations does nothing to resolve or to separate intelligence from criminal investigation insofar as US persons are concerned. An FBI agent rises on the basis of convictions -- those are his incentives. Sunstein's recommendations about what and what cannot be collected are largely irrelevant if that problem is not addressed.

Feeling safer yet?

Terrorism has made it necessary to the surveil persons communicating with, or commingled with US persons. Hampering intelligence is not so nearly as important as ensuring pre-crime never becomes crime. Sunstein's recommendations have charted out a process that will cost billions yet do nothing to improve the situation for US persons, though they will be a tremendous boon to foreign agents.

The main structural problems that need to be fixed are the incentive structure among US intelligence agencies. What really matters is the commingling to the intelligence function with the criminal system. Intelligence should be permitted relatively unfettered access if the criminal justice system is not its de facto handmaiden.

The other big problem area that Sunstein's recommendation does not address is human reliability. The only network worth protecting is the internal networks of the intelligence agencies -- and this includes, though we programmers may not admit it -- the human network. Snowden, Manning, Hanssen, Walker, Ames were insiders. Adding more insiders of dubious quality to oversee the describe permissions and oversee operations can multiply rather than reduce the risk.

But Washington will never addresses these problems. At least Sunstein won't. It is always easier to add a new bureaucratic layer and more security theater on top of a problem than it is to resolve organizational incentives. In Washington nothing is destroyed, only accreted.

The Black Chamber will still sit above the post office wherever a government has an intelligence office and a post office. The important thing is to arrange the incentives so that nothing perverse happens in that relationship. Where the post office is actually located relative to the Black Chamber or whether there are clerks watching clerks in the chamber is less important than giving the clerks no cause to embezzle money or frame the innocent.

A Belmont Club commenter once observed that nobody asked whether the USAF could nuke Chicago. Any air force capable of nuking Moscow could surely nuke Cleveland. Shifting around the airbases and adding more layers of oversight to the construction of the SIOP is rather a futile exercise if the basic question of incentives is not addressed. But that is what Sunstein is essentially doing. Ultimately the USAF won't bomb Chicago because it's personnel won't and have no reason to.

Snowden won't finish the NSA. But Sunstein might. His recommendations are an actual test of whether US communications intelligence policy can function rationally or whether, like everything else, it is a creature of reaction. Sunstein's report does not draw a sharp line between national security intelligence gathering and personal information. He has added more lawyers to the process and increased the complexity of the system. He does not make anything any safer, except for the enemy.

The easiest way to judge a system is to imagine someone we don't like in charge of it. Let's imagine Cass Sunstein in charge of overseeing the NSA. Or let the left imagine say, Rush Limbaugh running the show because in the nature of things someone like Sunstein might actually be appointed to an oversight position. And who knows, maybe some right wing Tea Party guy might get the job next time. Can we live with that system? With what it empowers?

It may be more important to separate the intelligence function from the prosecutorial trigger than it is to file down the sight of the rifle. The challenge is to preserve the intelligence function of the NSA while reducing the coercive effective of such knowledge on domestic and other exempt persons.

It's doubtful we can stop the march of technical progress. Consider:

About 5 terrabytes would contain all the text in the Library of Congress. A petaybe is a 1,000 terrabytes. An exabyte is a thousand petabytes. A zettabyte is a thousand exabytes.

But a yottabyte is a thousand zettabytes. Most of us think Big Data is a couple of terrabytes. The NSA thinks in Yottabtyes. From Wikipedia:

"As part of the Global Information Grid and Comprehensive National Cyber-security Initiative, the US National Security Agency (NSA) is building a $2 billion Utah Data Center facility to process (not store) yottabytes of information.

To store a yottabyte on terabyte-size hard drives would require ten billion city block size data-centers, as big as the states of Delaware and Rhode Island. If 64 GB microSDXC cards (the most compact data storage medium available to the public as of early 2013) were used instead, the total volume would be approximately 2500000 cubic meters, or the volume of the Great Pyramid of Giza."

We are dealing with forces and scales that would have been unimaginable a decade ago.

Did you know that you can purchase some of these books and pamphlets by Richard Fernandez and share them with you friends? They will receive a link in their email and it will automatically give them access to a Kindle reader on their smartphone, computer or even as a web-readable document.

The War of the Words for $3.99, Understanding the crisis of the early 21st century in terms of information corruption in the financial, security and political spheres